CVE-2012-1189
published 2012-10-08CVE-2012-1189: Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted…
PriorityP345critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
9.59%
94.9th percentile
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bernhard_wymann | torcs | <= 1.3.2 | — |
| bernhard_wymann | torcs | — | — |
| bernhard_wymann | torcs | — | — |
| bernhard_wymann | torcs | — | — |
| bernhard_wymann | torcs | — | — |
| bernhard_wymann | torcs | >= 0 < 1.3.3-1 | 1.3.3-1 |
| bernhard_wymann | torcs | >= 0 < 1.3.3-1 | 1.3.3-1 |
| bernhard_wymann | torcs | >= 0 < 1.3.3-1 | 1.3.3-1 |
| bernhard_wymann | torcs | >= 0 < 1.3.3-1 | 1.3.3-1 |
| debian | torcs | < torcs 1.3.3-1 (bookworm) | torcs 1.3.3-1 (bookworm) |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hx2c-qfwc-wm58: Stack-based buffer overflow in modules/graphic/ssgraph/grsound
ghsa_unreviewed·2022-05-17
CVE-2012-1189 [HIGH] CWE-119 GHSA-hx2c-qfwc-wm58: Stack-based buffer overflow in modules/graphic/ssgraph/grsound
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
OSV
CVE-2012-1189: Stack-based buffer overflow in modules/graphic/ssgraph/grsound
osv·2012-10-08·CVSS 9.3
CVE-2012-1189 [CRITICAL] CVE-2012-1189: Stack-based buffer overflow in modules/graphic/ssgraph/grsound
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
Debian
CVE-2012-1189: torcs - Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open R...
vendor_debian·2012·CVSS 9.3
CVE-2012-1189 [CRITICAL] CVE-2012-1189: torcs - Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open R...
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.
Scope: local
bookworm: resolved (fixed in 1.3.3-1)
bullseye: resolved (fixed in 1.3.3-1)
forky: resolved (fixed in 1.3.3-1)
sid: resolved (fixed in 1.3.3-1)
trixie: resolved (fixed in 1.3.3-1)
No detection rules found.
Bugzilla
CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute [fedora-all]
bugzilla·2012-02-20·CVSS 9.3
CVE-2012-1189 [CRITICAL] CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute [fedora-all]
CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission li
Bugzilla
CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute
bugzilla·2012-02-20·CVSS 9.3
CVE-2012-1189 [CRITICAL] CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute
CVE-2012-1189 torcs: Stack-based buffer overflow by processing specially-crafted audio file name in "engine sample" attribute
A stack-based buffer overflow flaw was found in the way TORCS, the Open Racing Car Simulator, performed sound initialization. If a local, unsuspecting user was tricked into opening a specially-crafted audio file name via "engine sample" XML configuration file attribute, it could lead to 'torcs' executable crash, or, potentially arbitrary code execution with the privileges of the user running torcs.
References:
[1] http://www.openwall.com/lists/oss-security/2012/02/18/2
(OSS mailing post with further details)
[2] http://www.exploit-db.com/exploits/18471/
(MS Windows XP Service Pack 3 exploit)
[3] http://torcs.sourceforge.net/
(upstream page, version v1.3.3 is liste
http://freecode.com/projects/torcs/releases/341672http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79http://www.exploit-db.com/exploits/18471http://www.openwall.com/lists/oss-security/2012/02/18/2http://www.openwall.com/lists/oss-security/2012/03/05/18http://www.osvdb.org/79372http://freecode.com/projects/torcs/releases/341672http://torcs.sourceforge.net/index.php?name=News&file=article&sid=79http://www.exploit-db.com/exploits/18471http://www.openwall.com/lists/oss-security/2012/02/18/2http://www.openwall.com/lists/oss-security/2012/03/05/18http://www.osvdb.org/79372
2012-10-08
Published